5G Puppeteer: Chaining Hidden Command and Control Channels in 5G Core Networks

TL;DR

This paper explores how compromised 5G core network components can be exploited to establish covert command and control channels, enabling undetectable attacks on subscriber security and privacy.

Contribution

It introduces a novel method for chaining hidden command and control channels in 5G networks, exposing vulnerabilities and challenges in current security measures.

Findings

Attacks can be designed to evade detection and prevention.

Various security and privacy breaches are possible without effective countermeasures.

The work highlights critical vulnerabilities in 5G core network security.

Abstract

Mobile networks are essential for modern societies. The most recent generation of mobile networks will be even more ubiquitous than previous ones. Therefore, the security of these networks as part of the critical infrastructure with essential communication services is of the uttermost importance. However, these systems are still vulnerable to being compromised, as showcased in the recent discussion on supply chain security and other challenges. This work addresses problems arising from compromised 5G core network components. The investigations reveal how attacks based on command and control communication can be designed so that they cannot be detected or prevented. This way, various attacks against the security and privacy of subscribers can be performed for which no effective countermeasures are available.